factionsecurity
diff --git a/‎WebContent/dist/js/overview.js
Lines changed: 1 addition & 1 deletion b/‎WebContent/dist/js/overview.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎WebContent/dist/js/templates.js
Lines changed: 1 addition & 1 deletion b/‎WebContent/dist/js/templates.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎WebContent/dist/js/vulnview.js
Lines changed: 1 addition & 1 deletion b/‎WebContent/dist/js/vulnview.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎WebContent/src/assessment/vulnview.js
Lines changed: 4 additions & 6 deletions b/‎WebContent/src/assessment/vulnview.js
Lines changed: 4 additions & 6 deletions
diff --git a/‎WebContent/src/utils/editor.js
Lines changed: 6 additions & 2 deletions b/‎WebContent/src/utils/editor.js
Lines changed: 6 additions & 2 deletions
diff --git a/‎src/com/fuse/utils/FSUtils.java
Lines changed: 3 additions & 4 deletions b/‎src/com/fuse/utils/FSUtils.java
Lines changed: 3 additions & 4 deletions
@@ -196,7 +196,6 @@ class VulnerabilityView {
         this._token = $("#_token")[0].value;
         this.queue = new SaveQueue(this, assessmentId, this.saveChanges, (type, vulns) => { this.updateCallback(type, vulns) });
         this.vulnId = -1;
-        this.editors = {};
         this.descUndoCount = 0;
         this.initialHTML = {};
         this.assesssmentId = assessmentId //$("#assessmentId")[0].value;
@@ -233,12 +232,12 @@ class VulnerabilityView {
         $('[id^="rtCust"]').each(function () {
             const id = $(this).attr('id')
             if(id.indexOf("_header") == -1){
-            	_this.editors.createEditor(id,true);
+            	_this.editors.createEditor(id,true, ()=>{});
             }
         });
-            _this.editors.createEditor("description",true);
-            _this.editors.createEditor("recommendation",true);
-            _this.editors.createEditor("details",true);
+		_this.editors.createEditor("description",true, ()=>{});
+		_this.editors.createEditor("recommendation",true, ()=>{});
+		_this.editors.createEditor("details",true, ()=>{});
 
         const initialHTML = entityDecode($("#notes").html());
 		this.editors.createEditor("notes",true, (param, editor) =>{
@@ -1087,7 +1086,6 @@ class VulnerabilityView {
             _this.queue.push('vulnerability', _this.vulnId, this.id, encodeURIComponent(b64EncodeUnicode(val)));
         }));
 
-
         $('[id^="rtCust"]').each(function () {
         	const rtId = this.id;
         	if(rtId.indexOf("header") == -1 ){
 
@@ -5,6 +5,7 @@ import tableMergedCell from '@toast-ui/editor-plugin-table-merged-cell'
 import '@toast-ui/editor/dist/toastui-editor.css';
 import 'tui-color-picker/dist/tui-color-picker.css';
 import '@toast-ui/editor-plugin-color-syntax/dist/toastui-editor-plugin-color-syntax.css';
+import '@toast-ui/editor-plugin-table-merged-cell/dist/toastui-editor-plugin-table-merged-cell.css'
 import { marked } from 'marked';
 import TurndownService from 'turndown'
 let html2md = new TurndownService()
@@ -27,7 +28,7 @@ export class FactionEditor {
 				'span', 'hr', 's', 'del', 'blockquote'
 				// Add other tags Toast UI uses
 			],
-			ALLOWED_ATTR: ['href', 'src', 'alt', 'class', 'style', 'text-decoration'], // Optional
+			ALLOWED_ATTR: ['href', 'src', 'alt', 'class', 'style', 'text-decoration', 'colspan'], // Optional
 		});
 	};
 	createUnderlineButton(id) {
@@ -301,9 +302,12 @@ export class FactionEditor {
 	}
 
 	recreateEditor(id, contents, offloadImages, isEncoded, callback){
+		if(typeof callback == 'undefined'){
+			callback = function(){}
+		}
+		this.changeOff(id);
 		this.editors[id].destroy();
 		this.createEditor(id,offloadImages,()=>{});
-		this.changeOff(id);
 		this.editors[id].hide();	
 		if (isEncoded) {
 			contents = this.b64DecodeUnicode(contents)
 
@@ -125,14 +125,13 @@ public static String sanitizeHTML(String html) {
 		PolicyFactory policyBuilder = new HtmlPolicyBuilder().allowAttributes("src").onElements("img")
 				.allowUrlProtocols("data", "http", "https").allowAttributes("href").onElements("a")
 				.allowAttributes("src", "width", "height", "controls").onElements("video")
-				.allowAttributes("style", "class")
-				.onElements("a", "label", "h1", "h2", "h3", "h4", "h5", "h6", "p", "i", "b", "u", "strong", "em",
+				.allowAttributes("style", "class", "colspan").onElements("a", "label", "h1", "h2", "h3", "h4", "h5", "h6", "p", "i", "b", "u", "strong", "em",
 						"small", "big", "pre", "code", "cite", "samp", "sub", "sup", "strike", "center", "blockquote",
 						"hr", "br", "col", "font", "div", "img", "ul", "ol", "li", "dd", "dt", "dl", "tbody", "thead",
 						"tfoot", "table", "td", "th", "tr", "colgroup", "fieldset", "legend", "span")
 				.allowAttributes("data-changedata", "data-cid", "data-last-change-time", "data-time", "data-userid",
-						"data-username", "title")
-				.onElements("span").allowAttributes("border", "cellpadding", "cellspacing", "style", "class").onElements("table")
+						"data-username", "title").onElements("span")
+				.allowAttributes("border", "cellpadding", "cellspacing", "style", "class", "colspan").onElements("table")
 				.allowStandardUrlProtocols()
 				.allowElements("a", "label", "h1", "h2", "h3", "h4", "h5", "h6", "p", "i", "b", "u", "strong", "em",
 						"small", "big", "pre", "code", "cite", "samp", "sub", "sup", "strike", "center", "blockquote",